VeriSign touts EV SSL features in Firefox 3 and IE 7
After a serious problem with seal misuse was reported, The Inquirer describes how VeriSign is touting the new EV SSL Certificates. The Inquirer first reported on the issue of VeriSign seal misuse after finding a site that claimed to be secure on all of its transaction pages and even displayed a counterfeit version of the VeriSign site seal, yet offered no secure way to submit credit card and other personal details.
After our story went live, Tim Callan, Director of Product Marketing at VeriSign, got in touch with us through its PR firm Weber Shandwick and explained the inner workings of seal misuse reports, confirmed the irregular situation at the Skybox site and told us what mechanisms are in place to verify SSL certificates, and how IE 7 and Firefox 3 support "Extended Validation" SSL certificates.
Callan first told the INQUIRER that VeriSign "receives thousands of seal misuse reports each month" and that "99 per cent of them are false reports, some obviously so and some only after investigation".
Asked about the Skybox case in particular, he said: "You are correct that the Skybox site does not use any SSL at all, collects information that should be protected by encryption, and displays a counterfeit version of the VeriSign Secured Seal. We are not okay with that, and our anti-fraud team has begun a case against this site."
He explained what consumers should do when they spot a VeriSign seal on a web page, which is basically to click on it; it should take you to a VeriSign page showing information about the site and its certificate: "If you click on any legitimate seal, you will see a verification page with the name and location of the company that owns the site. Visitors can confirm that this page is from VeriSign by checking the URL of the verification page, which should start with https://seal.verisign.com," said Tim, who highlighted the firm's Consumer Education site.
He admitted that the process of verifying a trust seal is not well known to the average consumer and recommended EV SSL Certificates as a solution to the problem.
He recognized that the reporting and seal verification process is not for the average Joe: "We do understand, however, that this process might not be one that every site visitor can navigate successfully" and says features built into the Vole's IE 7 web browser make telling real secure sites from fake ones easier, especially if the site uses "Extended Validation" SSL certificates: "Extended Validation SSL Certificates put a highly visible indicator into a compatible browser (a green address bar in IE7) to show that the authentic identity of the site has been confirmed using known, reliable methods. IE7 also displays the name of the organization next to the URL, and because this information is up in the chrome of the browser, it's outside the reach of a phisher or other perpetrator of false sites".
He says that IE 7's green address bar "only appears on pages that have SSL enabled, so you can also confirm that this page has a certificate in place to encrypt your transmissions." We told Tim that this scribbler, for instance, uses Linux, and that as such Volesoft's Internet Explorer is not software I can use, so we asked him what happens with Mozilla-derived browsers, like Firefox or SeaMonkey. He told the INQ that help is on the way in the form of the upcoming Firefox version three.
Verisign touts EV SSL features in Firefox 3 and IE 7 - [The Inquirer]
Originally posted on Sun Dec 9, 2007